fix(parse): survive non-cloneable worker results so large-repo analyze doesn't crash (#2112)

[magyargergo]

Problem (#2112)

gitnexus analyze aborts on large repos of vendored/generated C++ (ExecutorTorch, TensorFlow Lite). One of the three failure modes in the issue is a deterministic crash that defeats even the conservative GITNEXUS_WORKER_POOL_SIZE=1 workaround:

DataCloneError: function toString() { [native code] } could not be cloned.
    at MessagePort.<anonymous> (.../parse-worker.js:1913:24)

A parse worker delivers its accumulated result via postMessage, which structured-clones the payload synchronously on the worker thread and throws on the first value it can't serialize (here, a node properties value pointing at a native toString). The worker re-posts the throw as {type:'error'}; the pool counts it as a worker death; and under POOL_SIZE=1 the same graph re-throws on every respawn until the slot's budget is exhausted and the whole parse phase aborts.

This was confirmed empirically — structuredClone({ toString: Object.prototype.toString }) reproduces the exact issue string. (It is not the Scope Maps — those clone fine — and not a leaked Error — those clone fine. Because production analyze runs in store-mode, where parsedFiles are emptied before the post and the shard write's JSON.stringify silently drops functions, the leak rides in a plain-record array, not captureSideChannel.)

What this PR does

Adds a clone-safety net at the worker result boundary (new workers/clone-safety.ts). On a clone failure the worker:

• isolates the offending file (per-element structuredClone probe — clean arrays keep referential identity, zero copy),
• strips the non-cloneable value from a plain extraction record (keeping the record — strictly-missing data, never wrong), or drops a whole ParsedFile so scope-resolution re-derives it on the main thread with intact edge data,
• records the affected paths on result.skippedPaths, warns naming the field + file so the still-unpinned leak is diagnosable from logs and fixable at source, and re-posts.

Healthy runs are byte-identical — the net runs only after a real DataCloneError, so there's zero overhead on the fast path. The strip drops the same values the store path's JSON.stringify already silently removes, so store/no-store runs converge. Skipped paths surface via the parsing processor alongside the existing skipped-language telemetry.

The worker-pool resilience machinery is untouched (doc-comment corrections only — two stale comments wrongly claimed clone failures route to messageerror; the failure is a sender-side synchronous throw). U1 sanitizes at the source, so the pool's death/respawn path is never reached.

Scope

PR-1 — failure mode C, the deterministic POOL_SIZE=1 killer. The timeout/native-abort graceful-degradation cascade (failure modes A & B) is coupled to downstream re-parse exclusion + a hard per-file worker watchdog and is tracked as follow-up work (it would otherwise just relocate the hang/native-abort to the main thread).

Test plan

• test/unit/clone-safety.test.ts (10 cases): the exact function toString() { [native code] } repro; the refuted Map case; strip-and-keep vs drop-and-reparse; referential identity on healthy results.
• test/integration/parse-impl-clone-skip.test.ts: real worker, POOL_SIZE=1 — GREEN (a non-cloneable result is sanitized and the run completes with all files) + RED control (the same raw result aborts the phase). The test worker imports the built helper and applies the exact production pattern, exercising the real clone boundary the fake-worker doubles can't.
• Regression: worker-pool unit suites (50/50), quarantine-cache-skip integration, tsc --noEmit, prettier — all green.

🤖 Generated with Claude Code

[vercel]

@magyargergo is attempting to deploy a commit to the NexusCore Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

CI Report

✅ All checks passed

Pipeline Status

Stage	Status	Details
✅ Typecheck	success	tsc --noEmit
✅ Tests	success	unit tests, 3 platforms
✅ E2E	success	gitnexus-web changes only

Test Results

Tests	Passed	Failed	Skipped	Duration
11034	11018	0	16	578s

✅ All 11018 tests passed

16 test(s) skipped — expand for details

• COBOL pipeline benchmark > scales with file count
• C++ ADL emit benchmark > emit phase scales sub-quadratically with co-scaled files and sites
• C++ pipeline benchmark > scales with file count
• C# pipeline benchmark > scales with file count — namespaces spread across the solution
• C# pipeline benchmark > scales with file count — all types in one (global) namespace bucket
• C# pipeline benchmark > scales with file count — all types in one (named) namespace bucket
• Go pipeline benchmark > scales with file count (workers enabled)
• Go pipeline benchmark — worker pool (issue Worker idle timeout kills long Go scope extraction and surfaces as Napi::Error during analyze #1848) > does not quarantine the large generated Go file on sub-batch idle timeout
• Go structural interface detection benchmark > scales linearly with interface × struct count
• Go structural interface detection split-phase benchmark > separates index-build and detection time
• PHP pipeline benchmark > scales with file count (workers enabled)
• Ruby pipeline benchmark > scales with file count (workers enabled)
• Rust pipeline benchmark > scales with file count (workers enabled)
• Vue pipeline benchmark > scales with component count
• run.cjs direct-exec entrypoint (fix(cli): steer docs, skills, and hooks through a CLI-neutral project-local runner (#1939) #1945) > resolves a .cmd shim via the Windows shell branch, passing args and exit code
• buildTypeEnv > known limitations (documented skip tests) > Ruby block parameter: users.each { |user| } — closure param inference, different feature

Code Coverage

Tests

Metric	Coverage	Covered	Base	Delta	Status
Statements	75.35%	36129/47945	N/A%	—	🟢 ███████████████░░░░░
Branches	63.15%	22388/35451	N/A%	—	🟢 ████████████░░░░░░░░
Functions	80.97%	3885/4798	N/A%	—	🟢 ████████████████░░░░
Lines	79.12%	32655/41268	N/A%	—	🟢 ███████████████░░░░░

---

_{📋 View full run · Generated by CI}

[magyargergo]

Tri-review: 3 methods — GitNexus swarm + Compound-Engineering personas + Codex

Engine breakdown: 6 Claude reviewer lanes (risk, test/CI, correctness, adversarial, maintainability, performance) + Codex (live — the one genuinely independent engine). Two of the three methods are Claude under different persona prompts, so Claude-only agreement is "consistent across personas," not independent confirmation; the strong signal is Codex+Claude agreement, flagged below.

What's solid (validated by the review, not merely unchallenged)

• Healthy path is zero-overhead — all lanes + Codex confirm the fast path is a single postMessage with an early return; the sanitizer runs only inside the DataCloneError catch.
• worker-pool.ts is genuinely comments-only — risk + correctness + Codex each diffed it; no logic change (two stale comments corrected).
• The fix neutralizes the #2112 deterministic POOL_SIZE=1 killer — the DataCloneError is intercepted before the worker re-posts {type:'error'}; the integration GREEN/RED pair demonstrates it end-to-end.
• skippedPaths is backward-compatible (optional, ?? []-guarded everywhere) and structured-clone reject-set parity holds for the real ParseWorkerResult shapes — the correctness lane probed functions/symbols/Promises/WeakMaps/data-class-instances/BigInt/boxed-primitives/null-proto/ArrayBuffer/getters empirically. The earlier "Maps don't clone" hypothesis stays refuted — Maps clone fine and are left untouched.

Headline (inline) — [P2 · defensive hardening] the safety net can re-arm the cascade it fixes

In postResultCloneSafe the recovery call makeWorkerResultCloneSafe(...) and the re-post sit outside the try/catch (which wraps only the first post), and containsNonCloneable/stripNonCloneable recurse with a cycle guard but no depth bound. A throw inside the sanitizer — a RangeError from a deeply-nested record (the adversarial lane reproduced this at depth ≥3000 against the real exported helper) or a throwing getter — escapes to the handler's {type:'error'}, which under POOL_SIZE=1 is exactly the worker-death → respawn-exhaustion → phase-abort cascade this PR fixes. Reachability is low and both engines agree (Codex + correctness: real parse-result records are shallow plain-JSON, no getters), so this is hardening, not a production-likely trigger. Cheap fix: wrap the sanitizer + re-post in try/catch (fail closed deliberately) and bound the recursion depth.

Inline — [P3] integration-test fidelity (Codex + 2 Claude lanes)

The GREEN worker re-implements postResultCloneSafe inline (it imports the real helper functions but hand-rolls the orchestration), so the production wiring — the {type:'warning'} post and the skippedPaths append/merge — has no integration coverage. The RED control asserts a bare .rejects.toThrow(), so an unrelated failure would satisfy it. (CI builds dist/ via setup-gitnexus build:'true' before vitest run, so the "stale dist → false green" risk is mitigated in CI; it bites only local runs that skip the build.)

Lower-priority (body only)

• [P3] stripNonCloneable over-drops DAG-aliased records (Claude-only): the shared seen set returns the original on revisit, so when a non-cloneable is reachable via two paths the whole record is dropped (reported as skipped) instead of stripped-and-kept — contradicting the "record kept" intent. The last-resort guard prevents a crash. Fix: memoize the stripped copy per object.
• Failure-path efficiency (Claude-only, severity disputed): the performance lane flags a transient ~2× memory spike (containsNonCloneable structuredClones a whole non-plain subtree to probe it — on a path that fires exactly when the worker is near its heap limit), plus a 2× per-element scan and a scan of all ~15 array fields regardless of which is dirty. The adversarial lane measured it as bounded (~185 ms / 1000 records, once per flush) and refuted it as a DoS. In store-mode the non-plain Scope Maps live in parsedFiles, which are emptied before the post, so the worst case is mostly the no-store path. A single-pass + shared-seen cleanup is worthwhile but not blocking.
• [P2 type-safety] maintainability: the result as unknown as Record<string,unknown> double-cast and the untyped Set(['parsedFiles']) / Set(['skippedPaths']) field-name literals would silently break the drop-whole protection if a field is renamed — pin them with satisfies keyof ParseWorkerResult.
• [P3] parsing-processor logs the skipped paths a second time but drops the per-file reason the worker already logged; [P3] findFilePath can attribute to a sibling child's path (telemetry-only); [P3] skippedPaths isn't zeroed in slimParseWorkerResultsForCache → minor cache-shard bloat (ignored on replay, no correctness impact).

Test gaps

No coverage for: a deeply-nested / throwing-getter / detached-buffer element (the slow-path escape); a DAG-aliased element (the over-drop); the {type:'warning'} + skippedPaths production wiring; the last-resort "unsalvageable → drop" branch.

CI

Quality (typecheck/lint/format/typecheck-web), CodeQL, gitleaks, benchmarks, packaged-install-smoke (ubuntu), tree-sitter ABI — pass. Pending at review time: Analyze (js-ts), Build & Push, windows/macos platform tests, ubuntu coverage (runs the new unit+integration tests). Vercel fail = deploy-authorization, unrelated to code.

---

Automated multi-tool digest (GitNexus swarm + CE personas + Codex), critic-gated. Verify before acting — the headline is a defensive-hardening recommendation with low production reachability, not a known production break.

[magyargergo]

Tri-review findings addressed (9 commits)

All findings from the tri-review are fixed, one commit each (rebased onto the updated branch):

Commit	Finding
14f79c32	[P2] fail-closed recovery (try/catch around the sanitizer + re-post) + MAX_CLONE_DEPTH bound, so the net can't re-arm the cascade it prevents
45c9f34b	[P3] harden against throwing getters + detached buffers (probe, no byteLength heuristic)
fb8093e5	[P3] memoize stripped copies (Map<object,copy>) so DAG-aliased records are stripped-and-kept, not over-dropped
9c440b95	[perf] single-pass scan preserving array referential identity
873938a0	[P2] drop the unused generic + pin field-name sets to keyof ParseWorkerResult (rename → compile error)
04bbe0cb	[P3] processor log keeps the per-file reason
1840f1af	[P3] findFilePath prefers properties.filePath over the sibling sweep
c3f9c4af	[P3] zero skippedPaths in the slim cache result
bc4a0a0b	[P3] extract postResultCloneSafe → side-effect-free module; integration test calls the real one; RED matcher tightened to the contract

Notes worth surfacing:

• The deepening pass caught three would-be bugs before coding: the byteLength === 0 detached-buffer check false-positives on an empty live Uint8Array(0) (dropped it for the probe), the memoization array branch couldn't use .map() (would infinite-loop on a cyclic array), and the isStructuredCloneable catch must stay broad.
• TS rejects a single-step as Record<string,unknown> for a no-index-signature interface, so the as unknown as widening stayed — the real win (compile-checked field names) is intact.

Verified locally: tsc clean · clone-safety unit 20/20 · worker-pool suites 60/60 · integration (clone-skip + quarantine) 4/4 · prettier clean.

🤖 Generated with Claude Code

[magyargergo]

Root-cause deep-dive + prevention layer

A deep investigation of the V8/Node structured-clone serializer (the postMessage path), cross-checked empirically in this Node, established the authoritative non-cloneable rule and narrowed our exposure precisely:

• Why it happens: the serializer recurses only own-enumerable, string-keyed properties via [[Get]]; any callable value (incl. native fns), Symbol, Promise/WeakMap/Proxy/generator, or a tree-sitter SyntaxNode (its own-enumerable tree.getText is the exact throw — confirmed live) aborts the clone.
• Our exposure: the entire boundary surface is plain data except three unknown sinks (ParsedNode.properties index signature + the two provider hooks), and zero SyntaxNode-typed interface fields. The hooks' only impls are provably node-free today — so the risk is the untyped holes, not a current code path.

Added to this PR (the runtime guarantee)

• c33e0455 — net-gap fix: the net's one real correctness hole — a throwing getter's RangeError (not a DataCloneError) re-threw past the sanitizer. Recovery now runs on any post failure (getter case added).
• 43274216 — key-path diagnostic: the skip reason now names the exact offending property (nodes: properties.toString), so a residual escape is locatable from one log line.
• baa2382b — clone contract test: a representative ParseWorkerResult must be structured-cloneable (shape-regression guard + compile-nudge on new fields).
• 1c0a4256 — strict-mode gate (GITNEXUS_STRICT_CLONE=1): throws with the key path instead of silently sanitizing, so a future extractor leak fails loudly at its origin. (Wiring a strict CI lane is left to the maintainer — it needs a green full-suite check and touches the protected workflow.)

Deferred (compile-time complement) → #2143

The typed Cloneable boundary (making a leak a compile error) hits a TypeScript wall — closed payload interfaces aren't assignable to a recursive index-signature type without index-signature changes across several interfaces, some in gitnexus-shared. Tracked in #2143.

The runtime net stays as the production backstop; strict mode + the contract test give the CI/test guarantee that a silent recurrence can't slip through unnoticed.

🤖 Generated with Claude Code

[github-actions]

✨ PR Autofix

Found fixable formatting / unused-import issues across 28 changed lines. Comment /autofix on this PR to apply them, or run npm run lint:fix && npm run format locally.

{"schema":"gitnexus.pr-autofix/v2","state":"fixes-available","pr_number":2135,"changed_lines":28,"head_sha":"106bb540e0510ee30a1eb68134c80bfdb057fb63","run_id":"27271736369","apply_command":"/autofix"}

[magyargergo]

Tri-review (dismiss-and-replace): clone-safety + #2143 + analyze-worker IPC

Methods — 3, with engine breakdown: 7 Claude lanes (GitNexus swarm: risk, test/CI · CE personas: correctness, adversarial, performance, maintainability, testing) + Codex (live — the only independent engine). Two Claude lanes share priors, so Codex+Claude agreement is weighted strong and Claude-only as "consistent across personas." This review supersedes the prior tri-review (its two findings — recovery-path re-arm and test fidelity — were addressed in this PR's review-fix commits; those stale inline comments are minimized).

Verdict: the runtime clone-safety net and the #2143 compile-time guard are sound and well-tested for every payload the parse pipeline actually produces. Codex found no P0–P2 defect; adversarial+correctness refuted the scary hypotheses. The findings below are defense-in-depth holes for value shapes that don't occur today (P2/P3) plus one real CI failure. No P0/P1.

Credit (validated, not merely unchallenged):

• Fast-path is genuine zero-overhead — postResultCloneSafe posts as-is and returns; the sanitizer runs only after a real post failure (performance lane, confirmed).
• The analyze-worker IPC projection drops the right field — Codex + correctness confirmed the parent (api.ts:1560) reads only result.repoName; omitting pipelineResult (the live KnowledgeGraph) is correct and a perf win.
• Refuted (validation is a feature): general sanitizer divergence on non-plain objects (both paths defer to the authoritative structuredClone probe), detached-buffer false-negatives, BigInt/circular in stats (all Number()-wrapped), boxed primitives / SharedArrayBuffer views, probe-induced OOM/hang, deep/cyclic/DAG over-drop, strict-mode double-throw, and transferList detached-buffer reuse.

Headline findings (inline)

1. [P2] analyze-worker-ipc.ts — type/runtime contract split; the Omit<> guarantee is overstated. (3 lanes · code-read) The type AnalyzeResultIpc = Omit<AnalyzeResult,'pipelineResult'> (:42) includes isPrimaryBranch?, but the runtime projectAnalyzeResultForIpc (:54-61) is an explicit allowlist that omits it — so the type claims a field the wire never carries. The doc's "a future field fails to compile until handled here" holds only for required fields; an optional one (the common case for AnalyzeResult) is silently absent. No live break (parent reads only repoName; isPrimaryBranch?:boolean at run-analyze.ts:200 isn't consumed server-side over IPC). Fix: Pick<AnalyzeResult, 'repoName'|'repoPath'|'stats'|'alreadyUpToDate'|'ftsRepairedOnly'|'ftsSkipped'> makes the allowlist the type — exhaustive by construction.
2. [P3] clone-safety.ts — the array branch ignores non-index own-enumerable properties. (correctness · reproduced) structuredClone of an array carrying e.g. arr.meta = fn THROWS, but containsNonCloneable/stripNonCloneable iterate numeric indices only (:169-173 / :279-284). So containsNonCloneable returns false, makeWorkerResultCloneSafe leaves the field unrewritten (skipped:[]), the re-post still throws, falls through to the outer catch (post-result.ts:87), and emits {type:'error'} — the same worker-death signal that arms the POOL_SIZE=1 cascade #2112 fixes. Not pipeline-reachable today (no producer attaches non-index array props), but a hole in a net whose purpose is the unanticipated leak. Fix: also scan/copy non-index Object.keys, or fall back to the isStructuredCloneable probe when an array's own-key set exceeds its indices.
3. [P3] clone-safety.ts findFilePath violates its documented "never throws"; a sanitizer-internal throw escapes recovery. (correctness + adversarial · reproduced) findFilePath (:347 doc) reads rec[key] unguarded in its generic sweep (:353, :361-363; pathFromChild :338-345). A throwing getter at a non-path key (reproduced: makeWorkerResultCloneSafe throws RangeError out) — or a Proxy with a throwing getPrototypeOf/ownKeys trap (adversarial) — escapes to the fail-closed {type:'error'}, mis-reporting a recoverable result as a worker death. Not pipeline-reachable (real records aren't Proxies/throwing getters), but the "recover from ANY failure" promise doesn't cover throws during the sanitizer's own structural enumeration. Fix: try/catch findFilePath's reads (honor its doc) and wrap each element's sanitize in makeWorkerResultCloneSafe to drop-on-throw.

Lower-priority (body only)

• Maintainability: isDataCloneError (clone-safety.ts:58) is now a dead export — the net recovers on ANY post failure and never inspects the error type; only clone-safety.test.ts imports it (git grep confirms no prod caller). makeWorkerResultCloneSafe's JSDoc still says "Call this ONLY after a real DataCloneError" though the caller is deliberately broader. parsing-processor.ts inlines {path,reason} instead of importing the exported SkippedPath. All trivial.
• Forward-looking: makeWorkerResultCloneSafe sanitizes only array fields (:401) — a future non-array result sink would bypass the net; Cloneable<any> false-accepts (an any-typed member; add an IsAny branch); the extractTemplateConstraints/collectCaptureSideChannel hook contracts in language-provider.ts don't document the assertCloneable requirement for a future language implementer.
• Performance: the failure path traverses each dirty element twice (containsNonCloneable then stripNonCloneable). Failure-path-only; the pre-scan is what preserves clean-element referential identity, so it's a deliberate tradeoff — notable only if the failure path becomes hot.
• Tests: the GREEN integration test asserts graph content but not that skippedPaths/the {type:'warning'} post actually surfaced (its docstring claims it covers that wiring — dispatchChunkParse only logs them); the IPC test uses a synthetic object, not a real KnowledgeGraph; the GITNEXUS_STRICT_CLONE=1 gate exists but no CI job runs the suite under it, so it gives no continuous protection; the "dropped unsalvageable" branch and the mergeResult skippedPaths union are untested.

CI

• quality / format (root prettier) FAILS on c-cpp.ts + kotlin.ts (the #2143 wrapping lines) — a real merge-blocker, fixable with prettier --write. CI Gate (2s) is the aggregate gating on it. Vercel fails on deploy authorization (not code). Everything substantive passes: typecheck, lint, all test matrices (ubuntu/windows/macOS coverage), tree-sitter ABI, CodeQL, packaged-install smoke, benchmarks.

Automated multi-tool digest (GitNexus swarm + CE personas + live Codex), critic-gated. All findings P2/P3 — none live-reachable from current parse output; verify before acting.

[magyargergo]

[P3 · defense-in-depth hole] (correctness · reproduced) This array branch (and stripNonCloneable at line 279) iterates numeric indices only, but structuredClone of an array also serializes non-index own-enumerable properties and throws on a non-cloneable one. Reproduced: with arr.meta = ()=>{}, structuredClone throws, yet makeWorkerResultCloneSafe returns skipped:[] and leaves the field unrewritten — the re-post then throws, falls through to post-result.ts:87, and emits {type:'error'}, the worker-death signal that arms the POOL_SIZE=1 cascade. Not produced by any current extractor, but it's a silent gap in a net meant for unanticipated leaks. Fix: scan/copy non-index Object.keys here and at line 279, or fall back to the isStructuredCloneable probe when an array's own-key set exceeds its indices. [reproduced]